Latest [May 19, 2026] Microsoft SC-300 Exam Practice Test To Gain Brilliante Result
Take a Leap Forward in Your Career by Earning Microsoft SC-300
NEW QUESTION # 158
You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.
You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.
What should you do first?
- A. Configure a multi-factor authentication (MFA) registration policy.
- B. Configure password protection for Windows Server Active Directory.
- C. Disable the User consent settings.
- D. Disable Security defaults.
Answer: D
Explanation:
If your tenant was created on or after October 22, 2019, it is possible security defaults are already enabled in your tenant. To protect all of our users, security defaults are being rolled out to all new tenants created.
To enable CAP you have to disable Security defaults.
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals- security-defaults
NEW QUESTION # 159
You have a Microsoft 365 tenant.
You need to identify users who have leaked credentials. The solution must meet the following requirements.
* Identity sign-Ins by users who ate suspected of having leaked credentials.
* Rag the sign-ins as a high risk event.
* Immediately enforce a control to mitigate the risk, while still allowing the user to access applications.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
NEW QUESTION # 160
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
User1 has the devices shown in the following table.
On November 5, 2020, you create and enforce terms of use in contoso.com that has the following settings:
* Name: Terms1
* Display name: Contoso terms of use
* Require users to expand the terms of use: On
* Require users to consent on every device: On
* Expire consents: On
* Expire starting on: December 10, 2020
* Frequency: Monthly
On November 15, 2020, User1 accepts Terms1 on Device3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
A white background with black text Description automatically generated
NEW QUESTION # 161
You have an Azure subscription that contains a user named User! and two resource groups named RG1 and RG2.
You need to ensure that User1 can perform the following tasks:
* View all resources.
* Restart virtual machines.
* Create virtual machines in RG1 only.
* Create storage accounts in RG1 only.
What is the minimum number of role-based access control (RBAC) role assignment* required?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
Explanation:
In Azure RBAC, access is granted by assigning roles to principals at a scope (subscription, resource group, or resource). The SC-300 materials emphasize using the least-privilege principle and scoping assignments appropriately so users can "view at the widest scope and create only where required." To meet the requirements: assign Reader at the subscription so User1 can "view all resources." Creation rights must be limited to RG1, so assign Virtual Machine Contributor at RG1 (this role can "start, stop, and restart virtual machines and create them," but cannot grant access) and Storage Account Contributor at RG1 (can "create and manage storage accounts"). No additional assignments are needed at RG2 because the subscription-level Reader grants view rights without create permissions there. This yields three assignments total: 1) Reader @ subscription, 2) Virtual Machine Contributor @ RG1, 3) Storage Account Contributor @ RG1. This aligns with SC-300 guidance that role assignments should be "as narrowly scoped as possible" while satisfying operational tasks.
NEW QUESTION # 162
You have an Azure AD tenant that contains a user named User1 and a Microsoft 365 group named Group1. User1 is the owner of Group1.
You need to ensure that User1 is notified every three months to validate the guest membership of Group1.
What should you do?
- A. Create a group expiration policy.
- B. Create an access review.
- C. Configure an access package.
- D. Configure the External collaboration settings.
Answer: B
Explanation:
An access review is a process that allows you to review and manage the access of users and groups to resources. You can use access reviews to validate the guest membership of Group1 every three months.
NEW QUESTION # 163
You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.
Which resources can use Managed 1 as their identity?
- A. VM1 and WebApp1 only
- B. WebApp1 only
- C. storage1 and WebApp1 only
- D. VM1, storage1, and WebApp1
Answer: A
NEW QUESTION # 164
You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)
A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.
Which users will be emailed a passcode?
- A. User1, User2, and User3
- B. User2 only
- C. User1 and User2 only
- D. User1 only
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode
NEW QUESTION # 165
You have an Azure AD tenant that contains multiple storage accounts.
You plan to deploy multiple Azure App Service apps that will require access to the storage accounts.
You need to recommend an identity solution to provide the apps with access to the storage accounts. The solution must minimize administrative effort.
Which type of identity should you recommend, and what should you recommend using to control access to the storage accounts? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Explanation:
NEW QUESTION # 166
You have Microsoft Entra tenant.
You need to configure the following External Identities features:
* B2B collaboration
* Monthly active users (MAU)-based pricing
Which two settings should you configure? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 167
You need to implement the planned changes and technical requirements for the marketing department.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-organization
NEW QUESTION # 168
You need to configure app registration in Azure AD to meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles
NEW QUESTION # 169
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION # 170
You have Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 171
You have an Azure subscription that contains the resources shown in the following table.
For which resources can you create an access review?
- A. Group1, App1, Contributor, and Role1
- B. Role1 and Contributor only
- C. Group1, Role1, and Contributor only
- D. Group1 only
Answer: A
Explanation:
Access reviews require an Azure AD Premium P2 license.
Access reviews for Group1 and App1 can be configured in Azure AD Access Reviews.
Access reviews for the Contributor role and Role1 would need to be configured in Privileged Identity Management (PIM). PIM is included in Azure AD Premium P2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how- to-start-security-review?toc=/azure/active-directory/governance/toc.json
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
NEW QUESTION # 172
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
The users are assigned the roles shown in the following table.
For which users can User1 and User4 reset passwords? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 173
You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)
Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units
NEW QUESTION # 174
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:[email protected]
Microsoft 365 Password: =1122334455667788
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 99999999
You need to ensure the owner of each Microsoft 365 group is notified to renew their group every
180 days. Groups that are NOT renewed must be deleted. For groups without an owner, the notifications must be sent to Allan Deyoung.
To complete this task, sign in to the appropriate admin center.
Answer:
Explanation:
NEW QUESTION # 175
Task 7
You need to lock out accounts for five minutes when they have 10 failed sign-in attempts.
Answer:
Explanation:
See the Explanation for the complete step by step solution
Explanation:
To configure the account lockout settings so that accounts are locked out for five minutes after 10 failed sign-in attempts, you can follow these steps:
Open the Microsoft Entra admin center:
Sign in with an account that has the Security Administrator or Global Administrator role.
Navigate to the lockout settings:
Go to Security > Authentication methods > Password protection.
Adjust the Smart Lockout settings:
Set the Lockout threshold to 10 failed sign-in attempts.
Set the Lockout duration (in minutes) to 5.
Please note that by default, smart lockout locks an account from sign-in after 10 failed attempts in Azure Public and Microsoft Azure operated by 21Vianet tenants1. The lockout period is one minute at first, and longer in subsequent attempts. However, you can customize these settings to meet your organization's requirements if you have Microsoft Entra ID P1 or higher licenses for your users
NEW QUESTION # 176
You have an Azure subscription named Sub1 that contains three users named User1. User2, and User3. Sub1 has a storage account named storage1 that contains the resources shown in the following table.
Sub1 contains the users shown in the following table.
Which users can read File1, and which users can read File2? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 177
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.
In Azure AD. you add a new enterprise application named Appl. Which groups can you assign to App1?
- A. Group3 only
- B. Group1 and Group2 only
- C. Group2 only
- D. Group1 and Group4
- E. Group1 only
Answer: A
NEW QUESTION # 178
You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)
Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units
NEW QUESTION # 179
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to meet the following requirements:
* Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
* Delegate the ability to create new virtual machines.
What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
Explanation:
NEW QUESTION # 180
You have an Azure AD tenant that contains the users shown in the following table.
The tenant has the authentication methods shown in the following table.
Which users will sign in to cloud apps by matching a number shown in the app with a number shown on their phone?
- A. User3 only
- B. User1 only
- C. User1 and User2 only
- D. User2 and User3 only
- E. User2 only
Answer: B
NEW QUESTION # 181
......
Microsoft SC-300 (Microsoft Identity and Access Administrator) Certification Exam is designed for IT professionals who are responsible for managing and implementing identity and access solutions in Microsoft Azure. Microsoft Identity and Access Administrator certification exam validates the candidate's knowledge and skills in designing, implementing, and managing identity and access solutions using Microsoft Azure Identity services.
Authentic Best resources for SC-300 Online Practice Exam: https://www.dumpsmaterials.com/SC-300-real-torrent.html
Updates Up to 365 days On Developing SC-300 Braindumps: https://drive.google.com/open?id=1JE0EO9DnZTbYwVOj6ZHst2q_C9Rqyz4b
